fbAuth - Simple Facebook Access Token Retrieval

About

fbAuth is a simple class that completes an OAuth handshake with Facebook and retrieves access tokens for your own account and (optionally) any applications and/or pages you may have. The goal is to be as simple as possible, so this requires no database, no memcache and doesn't really do anything beyond grab access tokens. Once they're obtained you can do whatever you want with them of course. In an ideal world you could just extend this with your own Facebook class that does fancier stuff.

Documentation And Examples

This assumes you have already set up your application on Facebook and you know the app id, app secret and have some vague idea of what you're doing.

fbAuth requires a new-ish version of PHP 5 and the CURL extension.

Download and copy fbAuth.php wherever you like and include/require it from your code. Create an array with the following format:

    $settings = array(
        'app_id'       => '<your app id>',
        'app_secret'   => '<your app secret>',
        'app_callback' => '<your app callback>',
        'scope'        => '<permissions you want granted>',
    );

Obviously fill those in with real data. The scope parameter is important and should be a simple comma-delimited list (without spaces) of each permission you need. Note that in order to pull app/page access tokens you will need to set specific parameters here. You can learn more about permissions from Facebook's API docs. After that the following four lines will suffice:

    $fbAuth = new fbAuth($settings);
    $fbAuth->requestAccessCode();
    $fbAuth->requestAccessToken();
    $fbAuth->requestAppAccessTokens();

This can be used to grab all the needed access tokens in one fell swoop with only one URL. You can then store the tokens wherever you like for immediate use. Note that the standard access token Facebook supplies has a limited lifespan and will need to be periodically re-requested.

It should also be noted that because fbAuth::requestAccessCode() does an HTTP redirect, that call should be made before any output is sent to the user; otherwise the process won't work properly.

This extremely simple demo depends on the GET variable with the access code being present. However, you can also load the code from an external source if you don't want to expose the user to a URL with a very long code in it. In that case you would do something like this:

    $fbAuth = new fbAuth($settings);
    $fbAuth->requestAccessCode();
    $access_code = $fbAuth->loadAccessCode();
    //Store $access_code somewhere for retrieval later
    header("Location: {$redirect_url}");
    exit();

Then after the redirect you would simply retrieve and load the access code and continue:

    $fbAuth = new fbAuth($settings);
    //Retrieve $access_code from storage here
    $fbAuth->loadAccessCode($access_code);
    $fbAuth->requestAccessToken();
    $fbAuth->requestAppAccessTokens();

Once you have run fbAuth::requestAccessToken() and (optionally) fbAuth::requestAppAccessTokens() you can retrieve tokens and related info:

    //Get the access token
    $access_token = $fbAuth->getAccessToken();

    //Get UNIX timestamp of when this token expires (server time)
    $expires_on = $fbAuth->getAccessTokenExpires();

    //If you know the specific app id you need a token for
    $app_token = $fbAuth->getAppAccessToken($app_id);

    //Get all apps in an array of objects
    $apps = $fbAuth->getApps();

The last call, fbAuth::getApps(), will return an array of objects which will have the following members: access_token, name, id and category. Name is the name of the app, id is the app's ID (this will also be the index of the array element) and category will be the kind of app, generally 'Application' or 'Website'.

Any function that returns a value will return false when there is an error, which will usually mean a setting is missing (or Facebook could not be reached).
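Since tokens expire and the getters return false on error, a caller that stores tokens has to handle both cases. The following is an added example, not part of fbAuth: the TokenCache class, its file path and the 300-second safety margin are assumptions, and the sample values are constructed stand-ins for what getAccessToken() and getAccessTokenExpires() return.

```php
<?php
// Added example; TokenCache is a hypothetical helper, not part of fbAuth.
class TokenCache
{
    private $path;
    private $margin;

    public function __construct($path, $margin = 300)
    {
        $this->path = $path;
        $this->margin = $margin; // seconds before expiry at which the token is no longer used
    }

    // Takes the values returned by getAccessToken() and getAccessTokenExpires().
    public function save($token, $expires_on)
    {
        // fbAuth returns false on error: never persist a failed result.
        if (!is_string($token) || $token === '' || !is_numeric($expires_on)) {
            return false;
        }
        // tempnam() creates the file with mode 0600; rename() then swaps it in
        // atomically so a reader never sees a half-written token.
        $tmp = tempnam(dirname($this->path), 'tok');
        if ($tmp === false) { return false; }
        $json = json_encode(array('token' => $token, 'expires_on' => (int) $expires_on));
        if (file_put_contents($tmp, $json) === false || !chmod($tmp, 0600)) {
            @unlink($tmp);
            return false;
        }
        return rename($tmp, $this->path);
    }

    // Returns the token, or null when it is missing, unreadable or (nearly) expired.
    public function load($now = null)
    {
        $now = ($now === null) ? time() : $now;
        $raw = is_readable($this->path) ? file_get_contents($this->path) : false;
        $data = ($raw === false) ? null : json_decode($raw, true);
        if (!is_array($data) || !isset($data['token'], $data['expires_on'])) {
            return null;
        }
        return ((int) $data['expires_on'] - $this->margin > $now) ? $data['token'] : null;
    }
}

// Constructed values standing in for fbAuth's return values.
$cache = new TokenCache(sys_get_temp_dir() . '/fbauth_token_example.json');
var_dump($cache->save(false, false));                   // failed handshake: nothing is written
var_dump($cache->save('EXAMPLE-TOKEN', time() + 3600)); // valid pair: stored with mode 0600
var_dump($cache->load());                               // still fresh: token comes back
var_dump($cache->load(time() + 3400));                  // inside the 300 s margin: re-request
```

When load() returns null, run the handshake again and save the new token. Keep the cache file outside the web root so the token cannot be fetched over HTTP.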

You can also view more comprehensive documentation on all the publicly exposed functions in the class.

Demo

You can see fbAuth in action via this live demo, which will perform the complete OAuth handshake as well as grab your app/page access tokens. None of this data will be stored long-term (for more than a single page load).

Please note that since the demo requires a user-submitted app id and app secret there is no way to have this data persist through the redirect without storing it somewhere. Those two pieces of data are stored in the session, though only for as long as necessary and they are not put anywhere else.

Download

fbAuth is released under the FreeBSD license. See the license at the top of the file for more info.